Google is coming under fire from the watchdog group Electronic Privacy Information Center, which has filed a complaint asking the Federal Trade Commission to probe a new Google advertising technology that matches customers' online activities with things they buy in retail stores. Here are the key details from a report in the Washington Post:
The legal complaint from [EPIC] alleges that Google is newly gaining access to a trove of highly sensitive information -- the credit and debit card purchase records of the majority of U.S. consumers -- without revealing how they got the information or giving consumers meaningful ways to opt out. Moreover, the group claims that the search giant is relying on a secretive technical method to protect the data -- a method that should be audited by outsiders and is likely vulnerable to hacks or other data breaches.
Using the debit card information, Google's algorithms can match transactions to users on its various services, albeit in anonymized fashion. Google is defending its methods as common and says it has developed encryption methods that keep user data safe and private. But EPIC says the government needs to review Google's practices for itself, the Post reported.
Analysis: Sunshine needed
As the saying goes, what's done in the dark will eventually come out into the light. But Google shouldn't wait to be compelled to provide information about how the advertising program works under the hood, says Constellation Research VP and principal analyst Steve Wilson.
"They really should submit to an independent security review, so we can all be confident about the privacy promise," Wilson says. "The view can be confidential to protect Google's trade secrets but it has to be independent."
Another important aspect of transparency are user terms and conditions. Google seems to be implying that shoppers have consented to the reuse of their payment data, but many customers click OK on such agreements without really comprehending what they mean, he adds. Ts&Cs for other consumer services, such as credit cards or insurance, have standardized "plain language" contracts meant to protect people against fine print. "We need this type of transparency in the data economy," Wilson says.
Companies like to say they offer good value in exchange for customers' data and that in return customers enjoy the free services. "I reckon that's a dubious proposition but even if it's true, then why are all the privacy settings 'opt out?'," Wilson says. "By default, data is reused and resold far and wide unless customers find the opt-out settings. If the data-for-service bargain is as good as the data magnates say, then I'd expect them to have faith that customers would consciously opt-in."
To that end, EPIC contends that the opt-out settings for Google's products are too complicated and unclear.
"Consumer advocates like EPIC are rightly worried about the assymetry in these arrangements, as data collection methods and systems are put together by some of the most clever people in business," Wilson adds. "They know far more about data practices than the humble customer ever will. So exploitation is simply inevitable."